Time to read: 2 minutes 14 seconds | Published: October 1, 2025

What is firewall design?

Firewall design includes an organization’s overall security policy decisions such as which firewall features to use, where to enforce the firewall, and, ultimately, how to configure the firewall. 



How does firewall design work?

The five sequential steps to follow when constructing a firewall design include:


1. Identify the organization's security requirements. Evaluate these requirements, assess the current security posture, and use this information to refine the security needs and tune the requirements.

2. Define an overall security policy. A well-defined security policy includes network resources, access policies, and authorization controls and makes sure that the firewall addresses all security requirements.

3. Define a firewall philosophy. Clearly identifying the resources, applications, and services that require protection from insider attacks and external threats simplifies firewall definition and configuration.

4. Identify permitted communications. Define an acceptable use policy that specifies which network activities (applications and traffic types) are allowed and which are denied on the LAN, and which web services are supported.

5. Identify the firewall enforcement points. Determining enforcement points is fundamental to firewall design. Firewalls are deployed at an edge, most often between the private LAN and a public network such as the Internet link.

As an additional measure of protection, develop a network traffic baseline profile that identifies the network’s normal traffic patterns. Setting a baseline enables monitoring for anomalous behavior and then setting thresholds to detect and protect against attacks.
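The baseline described above is simple to operationalise: record how much traffic each permitted communication normally carries, derive a threshold from that history, and flag both counts that exceed the threshold and traffic patterns that have no baseline at all. The following Python example was added for this article and is not code from the page or from Juniper; the hourly connection counts and the pattern names are constructed sample data, and the mean-plus-three-standard-deviations threshold is one common choice, not a prescribed value.

```python
"""Traffic baseline profile with anomaly thresholds.
Illustrative example constructed for this article; the history below is
constructed sample data, not measured traffic."""
from statistics import mean, pstdev

# Constructed history: hourly connection counts for two permitted communications
# (zone pair plus destination port) over twelve "normal" hours.
HISTORY = {
    "trust->servers:443": [120, 135, 128, 140, 131, 125, 138, 129, 133, 127, 136, 130],
    "trust->untrust:443": [400, 420, 410, 430, 415, 405, 425, 412, 418, 408, 422, 415],
}


def build_baselines(history: dict[str, list[int]], k: float = 3.0) -> dict[str, dict[str, float]]:
    """For each traffic pattern, compute mean, population stdev and an upper
    threshold of mean + k * stdev (k is an assumed tuning parameter)."""
    baselines = {}
    for name, samples in history.items():
        mu, sigma = mean(samples), pstdev(samples)
        baselines[name] = {"mean": mu, "stdev": sigma, "threshold": mu + k * sigma}
    return baselines


def detect(observed: dict[str, int], baselines: dict[str, dict[str, float]]) -> list[tuple[str, int, str]]:
    """Return (pattern, count, reason) for every observation that is anomalous:
    either above its threshold, or a pattern with no baseline at all (new
    traffic that the profile has never seen and that deserves review)."""
    findings = []
    for name, count in observed.items():
        base = baselines.get(name)
        if base is None:
            findings.append((name, count, "no baseline for this traffic pattern"))
        elif count > base["threshold"]:
            findings.append((name, count, f"exceeds threshold {base['threshold']:.1f}"))
    return findings


# Constructed observation for one hour: a modest rise on one pattern, a normal
# value on another, and a handful of connections on a pattern never seen before.
OBSERVED = {
    "trust->servers:443": 150,
    "trust->untrust:443": 400,
    "untrust->servers:5432": 3,
}

if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for name, count, reason in detect(OBSERVED, baselines):
        print(f"ANOMALY {name} count={count}: {reason}")
```

Only three connections on a never-baselined pattern are reported as loudly as a volume spike: a small amount of unexpected traffic between zones is exactly the kind of deviation a baseline exists to surface.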

Problems firewall design addresses

Firewall technology has evolved from packet filter firewalls to next-generation firewalls. New services and solutions have emerged to address the complexity of the cyber landscape, protect resources, and block attempts by cyber attackers to breach the firewall for nefarious purposes. Deploying an effective firewall for the network entails a great deal more than configuration. Establishing best practices contributes to creating a security policy and effective operating model, enhancing the firewall design and configuration process that ties into the network, and deploying a firewall that meets the security requirements for the organization overall.

What can you do with firewall design?

Recommended best practices for characterizing the network, documenting the security posture, and determining the organization’s position regarding security are as follows:

  • Identify and catalogue network resources and security requirements.
  • Identify effective detection for known threats and how to deal with attacks.
  • Document operating systems, versions, and applications.
  • Define the organization’s workflow for allowed communications, with access rights based on employee roles and user requirements.
  • Determine the firewall enforcement points: deploy a firewall to protect the edge (Internet-facing), the core (corporate-facing), or the DMZ (bastion first line of defense).
  • Design the firewall for simplicity. It is imperative to consider operational needs.

As a further measure of protection, develop a network traffic baseline profile that identifies the network’s normal traffic patterns. Setting a baseline enables measuring irregular behavior and then setting thresholds to protect against attacks.

HPE Juniper Networking implementation

Juniper Networks SRX Series devices deliver firewall security services with a simplified design and deployment process. This includes creating zones tailored to functional requirements, separating user groups from servers, assigning user groups to zones based on subnet, and designing organization-specific policies.
